X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FManual%2FTutorial%2F06_Authorization.pod;h=bb78efad7646a1c38d575383e9749ff93e75a9bc;hb=20e49994744167ded52876ee1a7d066e1a0c6c39;hp=47bc345b3e37295ee57bd882860c98c3e2417c72;hpb=bf4d990b0a0ae91df4e722a5a8e51d614e8eeae0;p=catagits%2FCatalyst-Manual.git diff --git a/lib/Catalyst/Manual/Tutorial/06_Authorization.pod b/lib/Catalyst/Manual/Tutorial/06_Authorization.pod index 47bc345..bb78efa 100644 --- a/lib/Catalyst/Manual/Tutorial/06_Authorization.pod +++ b/lib/Catalyst/Manual/Tutorial/06_Authorization.pod @@ -57,8 +57,9 @@ L =head1 DESCRIPTION This chapter of the tutorial adds role-based authorization to the -existing authentication implemented in Chapter 5. It provides simple -examples of how to use roles in both TT templates and controller +existing authentication implemented in +L. It provides +simple examples of how to use roles in both TT templates and controller actions. The first half looks at basic authorization concepts. The second half looks at how moving your authorization code to your model can simplify your code and make things easier to maintain. @@ -77,6 +78,7 @@ Catalyst. =head2 Update Plugins to Include Support for Authorization Edit C and add C to the list: +***TODO: remove stacktrace? # Load plugins use Catalyst qw/ @@ -92,6 +94,8 @@ Edit C and add C to the list: Session Session::Store::File Session::State::Cookie + + StatusMessage /; Once again, include this additional plugin as a new dependency in the 
@@ -189,8 +193,9 @@ message. Note that we intentionally chose to display the message this way to demonstrate that TT templates will not be used if the response body has already been set. In reality you would probably want to use a technique that maintains the visual continuity of your template layout -(for example, using the "status" or "error" message feature added in -Chapter 3 or C to an action that shows an "unauthorized" page). +(for example, using L as shown in the +L to +redirect to an "unauthorized" page). B: If you want to keep your existing C method, you can create a new copy and comment out the original by making it look like a @@ -269,11 +274,18 @@ the "C" line: return any(map { $_->role } $self->roles) eq $role; } -Let's also add Perl6::Junction to the requirements listed in +Let's also add C to the requirements listed in Makefile.PL: requires 'Perl6::Junction'; +B Feel free to use C in lieu of C if +you prefer. Also, please don't let the use of the C +module above lead you to believe that Catalyst is somehow dependent on +Perl 6... we are simply using that module for its +L +C function. + Now we need to add some enforcement inside our controller. Open C and update the C method to match the following code: @@ -299,7 +311,8 @@ match the following code: $c->flash->{status_msg} = "Book deleted"; # Redirect the user back to the list page - $c->response->redirect($c->uri_for($self->action_for('list'))); + $c->response->redirect($c->uri_for($self->action_for('list'), + {mid => $c->set_status_msg("Deleted book $id")})); } Here, we C to an error page if the user is lacking the
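Review bot: The added line "***TODO: remove stacktrace?" in the hunk at -77,6 +78,7 sits in the body text between the "add C to the list:" sentence and the plugin listing, so it will render as part of the published tutorial. Settle the question in this commit, or move the reminder out of the rendered text into a POD comment block (=begin comment / =end comment) or the commit message.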
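Review bot: Adding StatusMessage to the plugin list in the hunk at -92,6 +94,8 leaves the surrounding prose out of step with the code. The instruction before the listing still tells the reader to add a single plugin, and the sentence after it says "include this additional plugin as a new dependency", singular. Name StatusMessage in the text and say whether it also needs its own requires line in Makefile.PL.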
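Review bot: In the hunk at -299,7 +311,8 the unchanged context line $c->flash->{status_msg} = "Book deleted"; is still present above the new redirect, so the action now sets a status message twice, once through flash and once through set_status_msg passed as mid. The two texts also differ ("Book deleted" versus "Deleted book $id"). Drop the flash line so the example demonstrates only the mechanism this change introduces.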